.

Cisco Level 7 passwords

<<

Birdcr

Post Sun Mar 08, 2009 2:47 pm

Cisco Level 7 passwords

Hi there i have seen several tutorial which explain that using a web brower you can enter a routers IP addy and get the prompt for credentials, by clicking cancel you can get the hash of the cisco password and if the password is level 7 it can easillly be cracked on multiple sites.

to try this i set up home pc a 2950 switch and a few routers, once get connectivity and able to ping/telnet etc i opened a browser (Both IE and firefox) and entered the ip i had assigned to the router (10.0.0.1) but just got this page cannot be displayed error message.

Am i doing something wrong or missing a step as i just cannot get this working. thanks
<<

jimbob

Post Sun Mar 08, 2009 3:13 pm

Re: Cisco Level 7 passwords

Perhaps the router is not running a web server or is using HTTPS. Not all routers will have a web server enabled, so check the router configuration.

Jimbob
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sun Mar 08, 2009 6:09 pm

Re: Cisco Level 7 passwords

ip server http
I think
twitter.com/timmedin | http://blog.securitywhole.com
<<

Birdcr

Post Mon Mar 09, 2009 4:38 am

Re: Cisco Level 7 passwords

jimbob wrote:Perhaps the router is not running a web server or is using HTTPS. Not all routers will have a web server enabled, so check the router configuration.

Jimbob


right i havent set anything up as it is on my local lan, would i need to cofigure router for this to be able to do this? is this an easy process and is there any documentation avaliable for this?
<<

sh4d0wman

Newbie
Newbie

Posts: 8

Joined: Wed Mar 04, 2009 2:16 am

Location: The Netherlands

Post Mon Mar 09, 2009 7:18 am

Re: Cisco Level 7 passwords

Dunno what router model you have. Many info can be found searching the Cisco site.
http://www.cisco.com/en/US/products/sw/ ... e4727.html

This might help:

Step 1 Enable the HTTP and HTTPS servers on your router by entering the following commands in global configuration mode:

Router# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)# ip http server

Router(config)# ip http secure-server

Router(config)# ip http authentication local

Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000

If the router supports HTTPS, the HTTPS server will be enabled. If not, the HTTP server will be enabled. HTTPS is supported in all images that support the Crypto/IPSec feature set, starting from Cisco IOS release 12.25(T).

Let me know if it works. Otherwise try to find some Cisco books.
Comptia Security+ Certified
WIP: CCNA / CHFI
<<

Birdcr

Post Mon Mar 09, 2009 8:34 am

Re: Cisco Level 7 passwords

sh4d0wman wrote:Dunno what router model you have. Many info can be found searching the Cisco site.
http://www.cisco.com/en/US/products/sw/ ... e4727.html


I have three routers, nothing that good, 1600 series, 1720 and 2500. not too sure of the IOS they are running
<<

sh4d0wman

Newbie
Newbie

Posts: 8

Joined: Wed Mar 04, 2009 2:16 am

Location: The Netherlands

Post Mon Mar 09, 2009 9:31 am

Re: Cisco Level 7 passwords

Is this link any help to you?
http://articles.techrepublic.com.com/51 ... 77508.html

Keep in mind: The HTTP server was introduced in IOS release 11.0 to extend router management to the worldwide Web.

The HTTP server is not enabled by default except on unconfigured Cisco model 1003, 1004, and 1005 routers.

So I would advise to check out what IOS version you run ;)
Comptia Security+ Certified
WIP: CCNA / CHFI
<<

Birdcr

Post Mon Mar 09, 2009 1:58 pm

Re: Cisco Level 7 passwords

Ok i have finaly found the original link to the Vulnerability i was trying to perform, this is called the:
HTTP Configuration Arbitrary Administrative Access Vulnerability:
(tutorial shown on this link below)
http://www.securityfocus.com/infocus/1734

So im going to try to set this up on my LAN tonight using the instruction provided by sh4d0wman (thanks!) to enable HTTP and HTTPS servers on my router, if they are up to the job!
<<

sh4d0wman

Newbie
Newbie

Posts: 8

Joined: Wed Mar 04, 2009 2:16 am

Location: The Netherlands

Post Tue Mar 17, 2009 10:33 am

Re: Cisco Level 7 passwords

Just curious if you got all working :) Pls update your post if you have time.
Comptia Security+ Certified
WIP: CCNA / CHFI
<<

Higgins

Newbie
Newbie

Posts: 3

Joined: Fri Dec 12, 2008 2:08 pm

Post Tue Mar 17, 2009 12:12 pm

Re: Cisco Level 7 passwords

As sh4d0wman said, you'll have to check your IOS Version on your test routers.

The vulnerability only affects certain IOS versions according to their site: http://www.securityfocus.com/bid/2936

The vulnerability is also a bit old too.  Was discovered in 2001.
<<

Birdcr

Post Tue Mar 17, 2009 6:25 pm

Re: Cisco Level 7 passwords

unfortuanatly i havent been able ot try this yet as i have been working away, really looking forward to trying tho, will keep you posted, home in a few days  :D

Return to Hardware

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software